From: Stuart Henderson <stu@spacehopper.org>
Subject: Re: ifconfig(8): mention that some config is root-only
To: Pontus Stenetorp <pontus@stenetorp.se>
Cc: tech <tech@openbsd.org>, David Gwynne <david@gwynne.id.au>
Date: Thu, 30 Apr 2026 14:53:03 +0100

On 2026/04/30 20:26, Pontus Stenetorp wrote:
> On Thu 30 Apr 2026, Stuart Henderson wrote:
> > 
> > re https://marc.info/?l=openbsd-misc&m=177751432601667&w=2
> > 
> > we do have "Detailed peer information is available to the superuser <...>" 
> > for wg(4) in ifconfig(8) but no mention of the more general case.
> > 
> > does this make sense?
> > 
> > Index: ifconfig.8
> > ===================================================================
> > RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v
> > diff -u -p -r1.413 ifconfig.8
> > --- ifconfig.8	3 Dec 2025 10:19:27 -0000	1.413
> > +++ ifconfig.8	30 Apr 2026 09:55:00 -0000
> > @@ -68,6 +68,10 @@ If a protocol family is specified,
> >  will report only the details specific to that protocol family.
> >  If no parameters are provided, a summary of all interfaces is provided.
> >  .Pp
> > +Some parts of interface configuration, for example private keys or
> > +passphrases, are only available to the superuser and are otherwise
> > +omitted.
> > +.Pp
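Review bot: The added sentence says these parts "are only available to the superuser", but the surrounding paragraph is about what ifconfig reports, so "are only shown to the superuser" would describe the behaviour more precisely. The examples "private keys or passphrases" also read as if only secrets are withheld; if that narrowing is not intended, the sentence could drop the examples or refer to the existing wg(4) text on detailed peer information, so a reader does not assume everything else is visible to unprivileged users.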
> 
> It is the case that all information omitted is sensitive due to security implications, no?

Not to my eyes. For wg(4), all peer information is omitted for !root,
including pubkeys, descr, bytes tx/rx, last handshake, etc. (And
actually wgpsk isn't available, even to root). So I prefer to leave
this a bit ambiguous and just suggest that root may see more than
!root without going into too many details.